Make OWASP WebGoat project working with Security Products
[Moved to &839 (closed)]
WebGoat is a deliberately insecure web application maintained by [OWASP](https://www.owasp.org) designed to teach web application security lessons.
The application is Java-based, and a good example to demonstrate our Security features.
Anyway, our checks are not working out of the box, so this issue is to make all the reports working.
The application doesn't have a Dockerfile, but we already forked it, so we can add that ourselves.
- SAST
- DAST
- Container Scanning (add a Dockerfile previously)
- Dependency Scanning
- License Management
The project is hosted here: https://gitlab.com/gitlab-org/security-products/tests/webgoat and I expect to have it as part of our QA process (hence the location).
/cc @bikebilly
Edited by Philippe Lafoucrière